Apple issued the following statement to MacRumors today in which it apologized for a major FaceTime eavesdropping bug:
We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process.
We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.
Widely publicized on Monday, the FaceTime bug allowed one person to call another person via FaceTime, slide up on the interface and enter their own phone number, and automatically gain access to audio from the other person's device without that person accepting the call. In some cases, even video was accessible.
We demonstrated the bug in a video earlier this week:
Apple disabled Group FaceTime as a temporary server-side solution, preventing the bug from working any longer. Apple is also working on a software update with a permanent fix that it originally said would be available this week, but it has been delayed until next week, according to Apple's statement.
Apple thanked the Thompson family for reporting the bug—supposedly over a week before it made headlines—and said it is committed to improving the process by which it receives and escalate these reports in order to quash bugs faster.
Apple already faces a lawsuit in Texas and a proposed class action lawsuit in Canada over the bug. Given the serious privacy implications involved, it is certainly possible there will be more class action lawsuits to come.
Top Rated Comments
Yes, it's a problem that something like this could be exploited to spy on someone, but without the publicity how many people would have ever tried this in their lifetime, let alone the week it was a problem?
Regardless of how much testing is done, bugs will pop up, especially in something as complex as an operating system, and especially when you have 1.4 billion devices running that operating system.
The problem here is Apple's system for handling bug reports is horrible. I've reported bugs that were indeed bugs, and Apple either responded with some canned nonsense about it being intended or didn't respond at all. Then 2-3 years later the bug was fixed. Anytime you have to deal with Apple outside the context of the Apple Store it's a mess.